Windows Defender Antivirus

Applies to:

Windows Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers.

Windows Defender Antivirus includes:

  • Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
  • Always-on scanning, using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection")
  • Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research

You can configure and manage Windows Defender Antivirus with:

  • System Center Configuration Manager (as System Center Endpoint Protection, or SCEP)
  • Microsoft Intune
  • PowerShell
  • Windows Management Instrumentation (WMI)
  • Group Policy


You can visit the Windows Defender Testground website at to confirm the following features are working and see how they work:

  • Cloud-delivered protection
  • Fast learning (including Block at first sight)
  • Potentially unwanted application blocking

Check out What's new in Microsoft Defender ATP, including new features and capabilities in Windows Defender Antivirus.

Minimum system requirements

Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:

Functionality, configuration, and management is largely the same when using Windows Defender AV on Windows Server 2016; however, there are some differences.